Forensic toolkit and method for accessing data stored on electronic smart cards

ABSTRACT

A tool kit for accessing data stored on an electronic SMART card is provided, the kit comprising a SMART card reader and recorder, at least one storage card, and a control card. The card reader and recorder is operative to read and copy the electronic SMART card onto the storage card, and to read the control card, the storage card comprising a storage card security key. The control card comprises code generation means operative to generate a control card security key, copying of the electronic SMART card onto the storage card being prevented unless the control card security key is verified against the storage card security key.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. application Ser. No.11/403,408, filed Apr. 12, 2006, now U.S. Pat. No. 7,886,347 whichclaims priority to Great Britain Application No. GB 0507495.0, filedApr. 14, 2005, both of which applications are incorporated herein byreference.

FIELD

The present disclosure relates to a forensic toolkit and method foraccessing data stored on electronic SMART cards and particularly, butnot exclusively, for accessing data stored on mobile phone SIM or USIMcards.

BACKGROUND

Electronic SMART cards are widely used in a range of scenariosincluding, for example, in mobile phones, and on commercial vehicles toverify driver information and vehicle usage information such as maximumspeed for example.

Police Forces regularly come into contact with electronic SMART cards aspart of their day-to-day police work. For example, mobile phone usagehas reached a relatively high level in many countries with a relativelyhigh number of adult citizens carrying and using a mobile phone handseton a regular basis. The Police have progressively realized the value andsignificance of the evidential data potentially held within theelectronics of SMART cards.

As with all information gathered by the Police, the quality andintegrity of the data must be absolute and to this end the term‘forensic evidence’ is commonly used to describe any information or datathat has been obtained and interpreted by the Police for the purposes ofestablishing evidence.

To ensure that any data gathered by the Police can be regarded asforensic evidence, there is an ongoing requirement for tools andequipment that can be used to acquire information in a reliable, noninvasive and non-destructive way, and where the potential for datamodification whether intentional or otherwise is kept to a minimum.

SUMMARY

According to a first aspect of the disclosure there is provided a toolkit for accessing data stored on an electronic SMART card, the kitcomprising a SMART card reader and recorder, at least one storage card,and a control card, the card reader and recorder being operative to readand copy the electronic SMART card onto the storage card, and to readthe control card, the storage card comprising a storage card securitykey, the control card comprising code generation means operative togenerate a control card security key, copying of the electronic SMARTcard onto the storage card being prevented unless the control cardsecurity key is verified against the storage card security key.

The security key could comprise any electronic code, signal oridentifier, whether encrypted or otherwise.

Preferably the control card generates the control card security keyusing data relating to the storage card.

Preferably the control card comprises database means containing datarelating to a plurality of storage cards, the data including dataenabling the control card to distinguish between storage cards.

Preferably the database means contains data relating to a plurality ofproduction batches of storage cards, the data including data enablingthe control card to distinguish between batches.

Preferably the database means further comprises a plurality of storagecard access security keys, each storage card access security key beingparticular to a particular batch of storage cards, data exchange betweenthe control card and the storage card being prevented, in use, until anaccess security key input to the control card by a user has beenverified.

Preferably the database means includes data comprising a plurality ofrandomly generated encryption keys, one of the encryption keys beingused by the control card as part of the verification process between thecontrol card and the storage card.

Preferably the code generation means is operative to generate thecontrol card security key for verification against a particular storagecard using an encryption key particular to that storage card.

Preferably the particular encryption key used is selected by the controlcard using a random integer relating to the particular encryption key,the random integer being stored on the storage card.

Preferably the storage card also stores an encrypted security key.

Preferably the encrypted security key is pre calculated on manufactureof the storage card by inputting the random integer and the storage cardsecurity key into an encryption algorithm.

Preferably the code generation means is operative to generate thecontrol card security key by decrypting the encrypted security key usingthe particular encryption key.

Preferably the code generation means comprises a decryptor. Mostpreferably the decryptor comprises a cryptographic processor.

Typically, where the electronic SMART cared comprises a mobile phone SIMor USIM card a particular access control class specific to the user ofthe SIM or USIM card and indicative of the priority of that particularuser on the mobile phone network concerned is allocated to the SIM orUSIM card. To access the mobile phone network the mobile phone SIM orUSIM card, in use, checks that the user's access control class isenabled.

Preferably the tool kit comprises more than one storage card, one of thestorage cards comprising an access storage card for use with a mobilephone handset, the card reader and recorder being operative to alter thecopy of the mobile phone SIM or USIM card made on the access storagecard so that the copy is not allocated any access control classes, thearrangement being such that, when the copy of the mobile phone SIM orUSIM card is activated in a mobile phone handset, the copy of the mobilephone SIM or USIM card is not allowed access to any of the mobile phonenetworks.

Preferably the card reader and recorder is operative to alter the copyof the mobile phone SIM or USIM card such that when the copy of themobile phone SIM or USIM card is activated in a mobile phone handset,the authentication procedure that normally occurs between a mobile phoneSIM or USIM card and a mobile phone network is disrupted.

Preferably, where the mobile phone network ordinarily authenticates themobile phone SIM or USIM card by requesting a secret integer andverifying the requested secret integer against a prestored expectedinteger, the card reader and recorder prevents the secret integer beingsupported on the storage card.

Preferably the or each storage card is operative to prevent verificationof the correct control card security key more than once and thus isoperative to prevent writing of files to the storage card more thanonce.

Preferably the storage card comprises stored batch data, namely dataindicative of the date the storage card was manufactured.

Preferably the file structure of the copy of the SMART card on eachstorage card comprises a different logical layout to the file structureof the target SMART card.

Preferably the card reader and recorder comprises slot means to receiveat least two electronic SMART cards, and control means operative tocontrol the operation of the SMART cards and to control the access ofdata from, and the communication between, the two SMART cards.

Preferably the card reader and recorder is a desktop terminal.Alternatively the card reader and recorder is a hand held terminal.

According to a second aspect of the disclosure there is provided acontrol card for use in copying an electronic SMART card onto storagemeans, the control card comprising code generation means operative togenerate a control card security key, and means to prevent copying ofthe SMART card onto the storage means unless the control card securitykey is verified against a predetermined storage means security key.

Preferably the control card is for use with storage means comprising astorage card, the control card, in use, generating the control cardsecurity key using data relating to the storage card.

Preferably the control card comprises database means containing datarelating to a plurality of storage cards, the data including dataenabling the control card to distinguish between storage cards.

Preferably the database means contains data relating to a plurality ofproduction batches of storage cards, the data including data enablingthe control card to distinguish between batches.

Preferably the database means further comprises a plurality of storagecard access security keys, each storage card access security key beingparticular to a particular batch of storage cards, data exchange betweenthe control card and the storage card being prevented, in use, until anaccess security key input to the control card by a user has beenverified.

Preferably the database means includes data comprising a plurality ofrandomly generated encryption keys, one of the encryption keys beingused by the control card as part of the verification process between thecontrol card and the storage card.

Preferably the control card comprises code generation means operative togenerate the control card security key for verification against aparticular storage card using an encryption key particular to thatstorage card.

Preferably the particular encryption key used is selected, in use, bythe control card using a random integer relating to the particularencryption key, the random integer being stored on the storage card.

Preferably the code generation means is operative to generate thecontrol card security key by decrypting an encrypted security key on thestorage card using the particular encryption key selected.

Preferably the encrypted security key is derived from entering therandom integer and the storage card security key into an encryptionalgorithm.

Preferably the code generation means comprises a decryptor. Mostpreferably the decryptor comprises a cryptographic processor.

According to a third aspect of the disclosure there is provided anaccess storage card comprising means to store a copy of a mobile phoneSIM or USIM card on the access storage card to enable the access storagecard to communicate with a mobile phone handset such that mobile phonedata stored on the copy of the mobile phone SIM or USIM card and storedon the mobile phone handset can be accessed, data transfer between oneor both of the storage card and the mobile handset, and any mobile phonenetwork, in use, being prevented.

Typically a mobile phone SIM or USIM card is allocated a particularaccess control class specific to the user of the SIM or USIM card andindicative of the priority of that particular user on the mobile phonenetwork concerned. To access the mobile phone network the mobile phoneSIM or USIM card checks that the user's access control class is enabled.

Preferably the access storage card comprises an altered copy of themobile phone SIM or USIM card, the copy being altered so as not to beallocated any access control classes, the access storage card being suchthat, when the copy of the mobile phone SIM or USIM card is activated ina mobile phone handset, one or both of the copy of the mobile phone SIMor USIM card and the mobile phone handset is prevented from accessingany of the mobile phone networks.

Preferably the copy is altered such that the authentication procedurethat normally occurs between a mobile phone SIM or USIM card and amobile phone network is disrupted.

Preferably, where the mobile phone network authenticates the mobilephone SIM or USIM card by requesting a secret integer and verifying therequested secret integer against a prestored expected integer, the copyof the mobile phone SIM or USIM card is altered such that the secretinteger is prevented from being supported on the access storage card.

Preferably the access storage card comprises means to prevent writing offiles to the storage card without a correct security key being verifiedagainst an access storage card security key.

Preferably the access storage card is operative to prevent acceptance ofthe correct security key more than once and thus prevents writing offiles to the storage card more than once.

Preferably the access storage card comprises prestored data indicativeof the date the storage card was manufactured.

Preferably the access storage card comprises a prestored random indexinteger specific to the access storage card, the access storage cardfurther comprising a prestored encrypted security key derived fromentering the random index integer and the storage card security key intoan encryption algorithm.

According to a fourth aspect of the disclosure there is provided aplurality of cards for accessing data stored on a electronic SMART card,the plurality of cards comprising at least two storage cards for eachstoring a respective copy of the electronic SMART card such that eachstorage card can, in use, communicate with an electronic device toenable data to be accessed, each storage card comprising a respectivestorage card security key, the kit further comprising a control cardcomprising code generation means operative to generate a control cardsecurity key, each storage card being operative to prevent, in use,copying of the electronic SMART card onto each storage card unless thecontrol card security key is verified against the respective storagecard security key.

According to a fifth aspect of the disclosure there is provided a methodof copying a mobile phone SIM or USIM card onto a storage card, themethod comprising a step of altering the copy of the mobile phone SIM orUSIM card such that, in use of the storage card with a mobile phonehandset, data transfer between at least one of the copy of the mobilephone SIM or USIM card and the mobile phone handset, and any mobilephone network, is prevented.

Preferably the method comprises a step of altering the copy of themobile phone SIM or USIM card made on the storage card so as not toallocate any access control classes to the copy, such that, when thecopy of the mobile phone SIM or USIM card is used in a mobile phonehandset, the copy of the mobile phone SIM or USIM is prevented fromaccessing any of the mobile phone networks.

Preferably the method comprises a step of altering the copy of themobile phone SIM or USIM card such that when the copy of the mobilephone SIM or USIM card is used in a mobile phone handset, theauthentication procedure that normally occurs between a mobile phone SIMor USIM card and a mobile phone network is disrupted.

Preferably the method comprises a step, where the mobile phone networkauthenticates the mobile phone SIM or USIM card by requesting a secretinteger and verifying the requested secret integer against a prestoredexpected integer, of preventing the secret integer being supported onthe storage card.

Preferably the method comprises a step of creating means on the storagecard to prevent writing of files to the storage card more than once.

According to a sixth aspect of the disclosure there is provided anelectronic data processor operative according to the method of the fifthaspect of the invention.

According to a seventh aspect of the disclosure there is provided amethod of copying an electronic SMART card using a SMART card reader andrecorder, at least one storage card, and a control card, the methodcomprising steps of using the card reader to read a storage cardsecurity key from the storage card, using the control card to generate acontrol card security key, verifying the control card security keyagainst the storage card security key, the method comprising a furtherstep of preventing copying of the electronic SMART card onto the storagecard unless the control card security key is successfully verifiedagainst the storage card security key.

The security key could comprise any electronic code, signal oridentifier, whether encrypted or otherwise.

Preferably the method comprises a step of generating the control cardsecurity key using data relating to the storage card.

Preferably the method comprises a step of generating the control cardsecurity key using date from database means containing data relating toa plurality of storage cards, the data including data enabling thecontrol card to distinguish between storage cards.

Preferably the method uses data from database means containing datarelating to a plurality of production batches of storage cards, the dataincluding data enabling the control card to distinguish between batches.

Preferably the method uses data from database means further comprising aplurality of storage card access security keys, each storage card accesssecurity key being particular to a particular batch of storage cards,the method comprising a step of preventing data exchange between thecontrol card and the storage card until an access security key input tothe control card by a user has been verified against a stored storagecard access security key.

Preferably the method uses data from database means comprising aplurality of randomly generated encryption keys, the method comprising astep of controlling the control card to use one of the encryption keysas part of the verification process between the control card and thestorage card.

Preferably the step of controlling the control card comprises generatingthe control card security key for verification against a particularstorage card using an encryption key particular to that storage card.

Preferably the particular encryption key used is selected by the controlcard using a random integer relating to the particular encryption key,the random integer being stored on the storage card.

Preferably the storage card also stores an encrypted security key.

Preferably the method comprises a step of pre-calculating the encryptedsecurity key on manufacture of the storage card by inputting the randominteger and the storage card security key into an encryption algorithm.

Preferably the method step of generating the control card security keycomprises a step of decrypting the encrypted security key using theparticular encryption key.

Preferably the method comprises a step of reading, from the controlcard, data indicative of the batch date of that storage card to selectdatabase means particular to the batch date of the storage cardconcerned.

Preferably the method comprises a subsequent step of determining anaccess security key from the particular database means selected, and asubsequent step of verifying the access security key against an accesssecurity key stored in the storage card, and a further step ofpreventing use of the storage card if the access security key areunsuccessfully verified.

According to an eighth aspect of the invention there is provided anelectronic data processor operative according to the method of theseventh aspect of the invention.

Other aspects of the present invention may include any combination ofthe features or limitations referred to herein.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention may be carried into practice in various ways, butembodiments will now be described by way of example only with referenceto the accompanying drawings in which:

FIG. 1 is a schematic view of a forensic toolkit in accordance with thepresent invention;

FIG. 2 is a perspective view of a desktop terminal comprising part ofthe toolkit of FIG. 1;

FIG. 3 is a perspective view of a hand held terminal comprising part ofthe toolkit of FIG. 1;

FIG. 4 is a plan view of a plurality of cards comprising part of thetoolkit of FIG. 1;

FIG. 5 is a flow diagram of a method of using the forensic toolkit ofFIGS. 1 to 4;

FIG. 6 is a schematic view of the method of using the forensic toolkitof FIG. 5;

FIG. 7 is a flow diagram of a sub method of using the forensic toolkitof FIGS. 1 to 4;

FIG. 8 is an example file structure of an electronic SMART card; and

FIG. 9 is an example modified file structure of a copy of an electronicSMART card.

DETAILED DESCRIPTION

Referring initially to FIGS. 1 to 4, a forensic toolkit 1 comprises adata acquisition terminal 3 which functions as an electronic SMART cardreader and recorder, and a plurality of electronic SMART cards 5 on eachof which is provided stored data and code used by the terminal 3. Suchelectrical SMART cards 5 could be in accordance with ISO specification7816.

The acquisition terminal 3 is a standalone desktop unit comprising anembedded electronic data processor with visual display 7, keyboard 9 andfour SMART card slots 11. It runs a specifically written program whichleads a technician through each acquisition step, ensuring that thecorrect process is followed. It also implements a number of securityfeatures.

The terminal 3 does not provide any means for the data on any of theSMART cards 5 used with the terminal 3 to be viewed and is solely usedfor generating copies of a target SMART card data onto the other SMARTcards 5. The terminal 3 can be provided in the form of the desktopterminal 3 as shown in FIGS. 1 and 2, and/or a handheld terminal 3A asshown in FIG. 3.

The set of cards 5 comprises a control SMART card 13, a master SMARTstorage card 15, two other storage SMART cards 17 which are intended foruse by defense and prosecution counsels in court proceedings, and anaccess storage SMART card 18 which can be used with the device withwhich the target SMART card is ordinarily used. Where the target SMARTcard is a mobile phone SIM or USIM card, the access SMART card 18 can beused in a device comprising a mobile phone handset.

The control card 13 shown in FIG. 4 is a specially programmed JAVA SMARTcard which uniquely identifies each acquisition terminal operator,stores secure key information, and performs encryption operations. Itmust be inserted into the terminal 3 before acquisition of data fromother cards 5, or writing of data from one card 5 to another, maycommence.

By ‘key’ we mean any electronic code, signal or identifier, whetherencrypted or otherwise. Such a key could comprise, for example, a simplecombination of alphanumeric integers, or a more complex encrypted code.

The master card 15 and storage cards 17 are specially prepared SMARTcards which are used to hold data acquired from a target card 19, thetarget card 19 comprising the original SMART card in question. Once thedata has been written to each card 15, 17 during acquisition, the card15, 17 are electronically ‘locked’ to prevent modification of the copieddata at a later date.

The access storage card 18 can be used, for example where the targetSMART card is a mobile phone SIM or USIM card, in a mobile phone handsetbut prevents the handset communicating with a mobile phone network andthus prevents data transfer between one or both of the access storagecard 18 and the mobile phone handset and the mobile phone network.

The acquisition process begins with insertion of the control card 13into the terminal 3. The target card 19 is then inserted into theterminal 3 followed by a master storage card 15 or a storage card 17,all prior to acquisition of data from the target card 19 commencing.With the storage card 15, 17 fully inserted data acquisition begins, thedata comprising digital information stored on the target card 19. Whenthe data has been successfully copied, the storage card 15, 17 is/areejected from the terminal 3, completing the acquisition phase of theprocess.

The analysis of the copied data begins with the insertion of a storagecard 15, 17 into a SMART card mouse 21 which is connected to standard PC23. The PC 23 runs a data analysis program, which may be, for example, aWindows® type application, and which permits interrogation of the datacontained on the storage card 15, 17 and generates reports forevidential purposes. This program provides read-only access to the datastored on the cards 15, 17 and is able to generate textual reports onthe contents of the inserted card 15, 17, which may be viewed on screen,saved to a disk file or printed.

Each acquisition operation creates three separate copies of the datafrom the target card 19.

The first copy of the data is made on the master storage card 15. Thiscard 15 contains a copy of the data from the target card 19 and alsocontains key information about the acquisition process including theoperator identity provided from the control card 13. A security PIN mustbe entered to read the data after acquisition. This security PIN iscreated during manufacture of the master card 15 and is hidden behind ascratch-off panel 27 on the front of this card 15. This copy of the datafrom the target card 19 is designed to only be accessed as a last resortto confirm that the data on the other storage cards 17 exactly matchesthe data on the target card 19.

The second copy of the data is made on the defense storage card 17. Thiscard contains a copy of the data from the target card 19 and alsocontains information about the acquisition process. Details of thecontrol card 13 may be withheld from this card 17 at the discretion ofthe acquisition operator.

The third copy of the data is made on the prosecution storage card 17this card 17 is identical to the defense storage card 17.

Due to the nature of the toolkit 1, the components described above havedifferent levels of re-use. The following table provides a summary ofthe re-use and quantity requirements for each component:

Component Re-usable Quantity required Acquisition Desktop Yes As neededTerminal 3 Handheld Acquisition Yes As needed Terminal 3A Data AnalysisProgram Yes As needed (one copy supplied with each acquisition terminal)Control Card 13 Yes, but may be One for each terminal time or uselimited if required Data Storage Card pack No One pack for each(containing Master, Target Card acquisition Defence and Prosecutioncards 15, 17)

The toolkit 1 supports the following processes:

-   -   1. Acquisition—during this process data is read from a target        SMART card 19 and recorded on storage cards 15, 17.    -   2. Analysis—this allows the data recorded on each storage card        15, 17 to be read, and reports generated about the data obtained        from the target card 19.    -   3. Terminal Calibration—in order to ensure integrity of the        terminal 3, the terminal 3 requires a regular calibration and        integrity test.

The equipment and processes used at each stage are described in thefollowing paragraphs.

The toolkit 1 is able to copy data from the target card 19 to storagecards 15, 17 while ensuring data integrity. This is achieved byfollowing steps A-Z as shown in FIGS. 5 and 6. It can be seen that ateach stage of the process the integrity of each component and its datais confirmed.

The data acquisition process begins by inserting the control card 13into one of the card reader slots 11 in the terminal 13 which theninvites the operator to enter his personal identity information and hissecret access security key which may be in the form of a PIN. The PIN isverified against a PIN stored in the control card.

If verified, the user inserts the target SMART card 19 into another ofthe card reader slots 11 and the terminal 3 checks that the target SMARTcard 19 is valid.

The user then inserts the master storage card 15 into another of thecard reader slots 11 and the terminal 3 prepares the master card 15 fordata transfer from the target card 19. If the master card validity isverified, data is transferred.

The user then sequentially inserts the defense and prosecution storagecards 17 which are each checked by the terminal 3 for validity. If thestorage card validity is verified, data is transferred.

Finally, the user inserts the access card 18 into a card reader slot 11and the terminal 3 checks the validity of the access card 18 beforecopying data to the access card 18 from the target card 19. It is to beappreciated that the data copied to the access card 18 is modified toprevent the access card 18 accessing a mobile phone network when theaccess card 18 is later used in a mobile phone handset. Thismodification process is described below.

Each card 15, 17, 18 is automatically ejected by the terminal 3 uponcompletion of the data transfer to the respective card 15, 17, 18 fromthe target card 19.

The acquisition process copies the following data onto the storage cards15, 17, 18:

-   -   1. Standard SMART files (for example GSM SIM or USIM files) as        specified in Appendix A. These will be created on the Storage        Cards 15, 17, 18 to be an exact replica of the files on the        Target Card 19.    -   2. Start and end time of data writing process.    -   3. Checksum of file contents (a number of different        checksum/fingerprinting algorithms can be used).    -   4. Control card 13 identification information including operator        name (only written to Defense and Prosecution storage cards 17        if requested by operator during acquisition).

The SMART files are stored in a file system, and can be viewed usingstandard SMART tools. However, due to the security mechanism, thesefiles may only be read, not updated, after acquisition.

The remaining information is stored in files under a new directory whichis specific to the toolkit 1. These files can be read and interpretedusing the analysis program described below.

The analysis of data held on storage cards 15, 17, 18 is performed bythe analysis program component running on the PC 23.

The main features of the program include:

-   -   Automatic detection of storage card 15, 17, 18 insertion and        removal from the terminal 3.    -   Automatic storage card 15, 17, 18 type detection and summary        display.    -   Automatic prompting for an access security key if required.    -   Automatic loading and verification of data stored on the storage        cards 15, 17, 18 and indication of errors on a file-by-file        basis.    -   Form-style dialog page provided for entry of extra report        information, such as case identification information.    -   One-button report generation.    -   Options to view report on screen, save to text file on disk        and/or print hard copy.

The operator-friendly user interface is designed to lead the operatorthrough the analysis process as simply as possible.

The report is designed to be accessible to non-technical readers andtherefore a textual description of each file is provided for every GSMfile.

In order to ensure that the terminal 3 operates correctly at all timesit is checked as follows:

-   -   1. Before every acquisition, the terminal 3 performs a self-test        to verify that the software stored in the terminal's flash        memory has not been modified and that the real-time clock is        valid.    -   2. Every four weeks the terminal 3 must be connected to a PC and        fully checked using terminal calibration software.

The terminal calibration program runs on a PC that communicates with theterminal 3 using a standard serial interface. Once communications areestablished, the terminal calibration software verifies that thesoftware in the terminal 3 is valid and performs a CRC checksumanalysis. The program then validates the terminal's clock, and correctsthe clock if necessary.

A terminal 3 which has not been calibrated within the necessary timecannot be used to acquire forensic data. However, when the calibrationis due in a week or less, the terminal 3 will automatically remind theoperator of the deadline before beginning acquisition.

It is envisaged that the analysis and terminal calibration programs thatform part of the toolkit 1 can be used on a PC comprising the followingexample specification:

-   -   800 MHz Intel Pentium 3 (or equivalent)    -   128 Mb RAM    -   5 Mb free hard disk space (excluding space for saved reports)    -   Windows 2000 or Windows XP operating system    -   Standard 9 pin RS-232 serial port    -   USB port for Mouse Smartcard reader    -   USB port for software security tag

The above specification is an example only and it is envisaged that anyother suitable electronic data processing apparatus having any othersuitable specification can alternatively be used.

The toolkit 1 described above supports the secure extraction andanalysis of data from standard SMART cards currently in use in the UK.It is envisaged that the capabilities of the toolkit 1 will be equallyapplicable to mobile phone SIM cards and third generation USIM cards (3Gcards). USIM cards have a number of differences from standard GSM SIMcards including larger storage capacity and a far more sophisticatedphonebook.

In some cases it is difficult to perform machine interpretation of allof the data extracted from a target card 19. For example where recordshave been deleted or partially overwritten, they may still containuseful forensic data. Therefore the analysis program can also provideautomatic and semi-automatic analysis to extract further data.

Where there has been operator assistance this will be clearlyhighlighted in the report to avoid any doubt about the validity of theresult.

The security of data copied onto storage cards 15, 17, 18 is assured byusing a combination of shared keys which only allow a storage card 15,17, 18 to be written to when the correct sequence of events is followed.

The terminal 3 manages the acquisition process.

The control card 13 runs a bespoke software application and contains adatabase with the following information for each production batch(BATCHDATE) of storage cards 15, 17, 18:

-   -   A storage card access security key, SECURITYKEY1; and,    -   A table containing 256 randomly generated keys, ENCRYPTIONKEY1        to ENCRYPTIONKEY256.

Each storage card 15, 17, 18 is a SMART card, pre-configured in thefactory to have a number of distinct features:

-   -   It cannot be written to unless the correct ‘personalisation’ key        (referred to as SECURITYKEY2) is presented;    -   SECURITYKEY2 is only accepted by each storage card 15, 17, 18        once and will be rejected if it is presented again; and    -   SECURITYKEY2 puts each storage card 15, 17, 18 into a mode where        files may be created and stored on the respected card 15, 17,        18.

At the time of production, a random value is selected for theSECURITYKEY2 of each storage card 15, 17, 18 and the followinginformation is then pre-loaded onto each storage card 15, 17, 18:

-   -   The batch date of each storage card 15, 17, 18, BATCHDATE;    -   A random index value, KEYOFFSET, used to select an        ENCRYPTIONKEY;    -   The mathematical result, termed ESECURITYKEY2, of applying a DES        encryption algorithm to the SECURITYKEY2 value with the key        ENCRYPTIONKEY<KEYOFFSET>.

The value for KEYOFFSET and ESECURITYKEY2 may only be read after acorrect value for SECURITYKEY1 has been supplied to the control card 13at the beginning of the process.

A flowchart of the security authentication process is shown in FIG. 7 insteps AA to PP.

The terminal 3 initially selects the storage card 15, 17, 18 to whichdata is to be copied and reads the value(s) BATCHDATA.

The terminal 3 then selects the control card 13 and requests the user toinput SECURITYKEY1 to the terminal 3 for the batch date determined.

The user inputted key is then verified against the SECURITYKEY1 storedon the particular storage card 15, 17, 18 concerned.

If the key is verified the control card 13 enables the terminal 3 toread the values for KEYOFFSET and ESECURITYKEY2 from the particularstorage card 15, 17, 18 concerned.

These values are then input to the control card 13 and SECURITYKEY2 isrequested from the control card 13.

The control card 13 comprises code generation means comprising adecryptor that determines SECURITYKEY2 by initially looking up theENCYPTIONKEY that corresponds to the random value of KEYOFFSET on theENCYRPTIONKEY database on control card 13. The corresponding encryptionkey is then used by the decryptor to enable the ESECURITYKEY2 to bedecrypted to reveal SECURITYKEY2. The ENCYPTIONKEY thus enables theencrypted SECURITYKEY2 to be accessed.

Once accessed, the decrypted SECURITYKEY2 is verified against the valueof SECURITYKEY2 stored on the particular storage card 15, 17, 18concerned. If this verification is positive, copying of data from thetarget card 19 to the storage card 15, 17, 18 is enabled.

It is important to note that:

-   -   The plain-text value of SECURITYKEY2 is not stored anywhere but        is set as a key in each storage card 15, 17, 18. SECURITYKEY2        cannot be read directly;    -   The value for SECURITYKEY2 is randomly selected for each storage        card 15, 17, 18 and is not related to the serial number or        production date of each storage card 15, 17, 18; and    -   The control card 13 generates the SECURITYKEY2 from information        held on each storage card 15, 17, 18.

The access storage card 18 allows forensic examination to be performedwithin legislative guidelines, while ensuring that all original data isretained in the mobile phone handset for retrieval.

The access storage card 18 is created using generally the same procedureas used with the other storage cards 15, 17 as described above. Howevera difference is that during the write process of data files from thetarget card 19 to the access storage card 18, certain files are changedto prevent the access storage card 18 from being used to access anyelectronic network such as, for example a mobile phone network. Twodifferent methods are used. It is envisaged that either or both methodcould be used as desired.

In order to allow priority of users in a mobile phone network, the GSM/3G specifications require that each user is allocated one or more offifteen ‘Access Control Classes’. The access control class(es) is storedon the mobile phone SIM or USIM card, and before accessing the network,the mobile phone handset must check that the mobile phone network hasthe user's access control class enabled.

One method used to prevent network access is to not allocate any accesscontrol classes in the copy of the mobile phone SIM or USIM card made onthe access storage card 18. When the access storage card 18 is insertedinto a mobile phone handset and the handset is turned on, the copy ofthe SIM or USIM card is forced to believe that the copy of the SIM orUSIM card is not allowed to access the mobile phone network.

Before a mobile phone handset can make or receive calls or make orreceive text messages the handset must register with the mobile phonenetwork and as part of the registration process, security checks areperformed to verify that the mobile phone user is valid. The mobilephone network asks the SIM or USIM card (through the mobile phonehandset) to confirm its identity using a secret value (Ki) and checksthe SIM or USIM card's response against the expected value.

The access storage card 18 ensures that the authentication procedurewill fail by not supporting the secret value Ki. This means that if amobile phone handset incorrectly contacts a mobile phone network andattempts to register with the mobile phone network, the subsequentauthentication procedure will fail.

A SMART card such as a SIM or USIM card can have a file system similarto that of a Windows PC, whereby one top-level directory consists ofseveral sub-directories and/or files. Those sub-directories can alsocontain sub-directories and/or files and so on. Thus, a metaphoricaltree is formed consisting of directories and files.

On a GSM SIM card or USIM card, the file system structure is mostlypre-set by the industry ETSI and 3GPP specifications. Therefore, anycard conforming to those specifications should behave and react in thesame way.

As the storage cards are copies of an original SIM or USIM card, whichconform to the industry specifications, so storage cards also conform tothe industry specifications, meaning that if a storage card was put intoa mobile phone handset, the handset would recognize it as a normal SIMor USIM card and should behave normally.

However the storage cards are not intended for use with a mobile phonehandset, and therefore the structure of the file system is altered tostop the mobile phone handset functioning in a normal way if a storagecard were inserted into it.

The file system structure in the ETSI and 3GPP specifications is(partially) defined as shown in FIG. 8 wherein each directory and filehas an identifier such as, ‘7F20’. The names are purely to make theidentifiers human readable.

When a copy of the SIM or USIM card is created on the storage card, mostof the file system structure is created and copied to match the originalSIM or USIM card. However, the GSM directory is logically renamed (fromGSM to FORENSIC) and given a different identifier (from 7F20 to 7F15)and all files that exist in the original GSM directory are copied to theFORENSIC directory.

So the copy of the SIM or USIM card made on each storage card uses afile structure as shown in FIG. 9. By changing the file system structurein this way, if a storage card is inserted into a mobile phone handset,the mobile phone handset will not ‘see’ the files it requires tofunction correctly, although they will exist in another directory on thestorage card.

Thus all of the files from the original SIM/USIM card are copied to eachstorage card, but those files are stored in a different logical layout.This means that if the storage card were entered into a mobile phonehandset, the handset will not recognize it as a normal SIM/USIM card andwill not therefore function correctly.

The above described tool kit 1 can be used with any type of electronicSMART card where potentially evidential data is stored or transferred,including mobile phone SIM or USIM cards, or SMART cards as used incommercial or passenger vehicles.

APPENDIX A CHV1 Op- Elementary Re- tional File name Description quiredFile ELP Extended Language Preference LP Language-Preference PLMNSelPLMN Selector √ √ ACMMax ACM Maximum value √ √ ACM Accumulated CallMeter √ √ PUCT Price per unit and currency table √ √ CBMI Cell broadcastInformation √ √ Identifier Selection BCCH Broadcast Control Channels √FPLMN Forbidden PLMNs √ LOCI Location Information √ Aaem AutomaticAnswer for eMLPP √ √ Service CBMIR Cell Broadcast message Identifier √ √for Data Download DCK De-personalisation Control Keys KcGPRS GPRSCiphering key KcGPRS √ LOCIGPRS GPRS location information √ ADNAbbreviated Dialling numbers √ √ FDN Fixed Dialling numbers √ √ SMSShort messages √ √ CCP Capability configuration parameters √ √ MSISDNMobile Subscriber Identity Service √ √ Dialling Number SMSP ShortMessage Service Parameters √ √ SMSS SMS Status √ √ LND Last NumberDialled √ √ SDN Service Dialling Numbers √ √ EXT1 Extension 1 √ √ EXT2Extension 2 √ √ EXT3 Extension 3 √ √ BDN Barred Dialling numbers √ √EXT4 Extension 4 √ √ SMSR Short Message Service Reports √ √ SST SIMService Table √ ICCID ICC Identification IMSI International MobileSubscriber Identity NIA Networks Indication of Alerting √ √ CNLCo-operative Network List √ √ DCK Depersonalisation keys √ √ ECCEmergency Call Codes √ CBMID Cell Broadcast Message Identifier For √ √Data Download eMLPP Enhanced Multi-Level Pre-emption √ √ and PriorityVBSS Voice Broadcast Service Status √ √ VBS Voice Broadcast Service √ √VGCSS Voice Group Call Service Status √ √ VGCS Voice Group Call Service√ √ Phase Phase Identification AD Administrative Data ACC Access ControlClass √ SPN Service Provider Name √ GID1 Group Identifier Level 1 √ √GID2 Group Identifier Level 2 √ √ HPLMN HPLMN Search Period √ KcCiphering Key √ IMSI International Mobile Station Identity √ SAi SoLSAAccess Indicator √ √ SLL SoLSA list √ √ LSA Descriptor file √ √ IMGImage √ √ IIDF Image Instant Data Files

1. An access storage card for accessing data contained on a mobile phonehandset for use as forensic evidence, the access storage card comprisingmeans to store a copy of a mobile phone SIM or USIM card on the accessstorage card to enable the access storage card to communicate with amobile phone handset when the access storage card is inserted into themobile phone handset such that mobile phone data on the copy of themobile phone SIM or USIM card stored on the access storage card andmobile phone data stored on the mobile phone handset can be accessed,yet data transfer between one or both of the storage card and the mobilehandset, and any mobile phone network is prevented, wherein the accessstorage card comprises an altered copy of the mobile phone SIM or USIMcard, wherein the copy is altered such that the authentication procedurethat normally occurs between a mobile phone SIM or USIM card in a mobilephone and a mobile phone network is disrupted, and wherein the mobilephone network authenticates the mobile phone SIM or USIM card byrequesting a secret integer and verifying the requested secret integeragainst a prestored expected integer, the copy of the mobile phone SIMor USIM card on the access storage card is altered such that the secretinteger is prevented from being supported on the access storage card. 2.The access storage card of claim 1 wherein the copy is altered so as notto be allocated any access control classes, the access storage cardbeing such that, when the copy of the mobile phone SIM or USIM card isactivated in a mobile phone handset, one or both of the copy of themobile phone SIM or USIM card and the mobile phone handset is preventedfrom accessing any of the mobile phone networks.
 3. The access storagecard of claim 1 comprising means to prevent writing of files to thestorage card without a correct security key being verified against anaccess storage card security key.
 4. The access storage card of claim 3wherein the access storage card is operative to prevent acceptance ofthe correct security key more than once and thus prevents writing offiles to the storage card more than once.
 5. The access storage card ofclaim 1 comprising prestored data indicative of the date the storagecard was manufactured.
 6. The access storage card of claim 1 wherein theaccess storage card comprises a prestored random index integer specificto the access storage card, the access storage card further comprising aprestored encrypted security key derived from entering the random indexinteger and the storage card security key into an encryption algorithm.7. A method of copying a mobile phone SIM or USIM card onto an accessstorage card so that the access storage card can be used to access datacontained on a mobile phone handset for use as forensic evidence, themethod comprising a step of altering the copy of the mobile phone SIM orUSIM card such that, when the storage card is inserted into and usedwith a mobile phone handset, data transfer between at least one of thecopy of the mobile phone SIM or USIM card stored on the storage card andthe mobile phone handset, and any mobile phone network, is prevented,the method further comprising a step of altering the copy of the mobilephone SIM or USIM card such that when the copy of the mobile phone SIMor USIM card stored on the storage card is used in a mobile phonehandset, the authentication procedure that normally occurs between amobile phone SIM or USIM card in a mobile phone and a mobile phonenetwork is disrupted, and the method comprising a further step, wherethe mobile phone network authenticates the mobile phone SIM or USIM cardby requesting a secret integer and verifying the requested secretinteger against a prestored expected integer, of preventing the secretinteger being supported on the storage card.
 8. The method of claim 7comprising a step of altering the copy of the mobile phone SIM or USIMcard made on the storage card so as not to allocate any access controlclasses to the copy, such that, when the copy of the mobile phone SIM orUSIM card is used in a mobile phone handset, the copy of the mobilephone SIM or USIM is prevented from accessing any of the mobile phonenetworks.
 9. The method of claim 7 comprising a step of creating meanson the storage card to prevent writing of files to the storage card morethan once.
 10. An electronic data processor operative to perform themethod of claim 7.